Vulnerable binaries and source code for 64-bit Linux Stack Smashing tutorials.

64-bit-linux-stack-smashing.md

This repository contains the vulnerable binaries used in the 64-bit Linux Stack Smashing tutorials found at http://blog.techorganic.com/search.html?query=64-bit+Linux+Stack+Smashing

classic

classic.c

/* Compile: gcc -fno-stack-protector -z execstack classic.c -o classic */
/* Disable ASLR: echo 0 > /proc/sys/kerne/randomize_va_space           */

#include <stdio.h>
#include <unistd.h>

int vuln() {
    char buf[80];
    int r;
    r = read(0, buf, 400);
    printf("\nRead %d bytes. buf is %s\n", r, buf);
    puts("No shell for you :(");
    return 0;
}

int main(int argc, char *argv[]) {
    printf("Try to exec /bin/sh");
    vuln();
    return 0;
}

leak

leak.c

/* Compile: gcc -fno-stack-protector leak.c -o leak          */
/* Enable ASLR: echo 2 > /proc/sys/kernel/randomize_va_space */

#include <stdio.h>
#include <string.h>
#include <unistd.h>

void helper() {
    asm("pop %rdi; pop %rsi; pop %rdx; ret"); 
}

int vuln() {
    char buf[150];  
    ssize_t b;
    memset(buf, 0, 150);
    printf("Enter input: ");
    b = read(0, buf, 400); 

    printf("Recv: ");
    write(1, buf, b); 
    return 0; 
}


int main(int argc, char *argv[]){
    setbuf(stdout, 0); 
    vuln(); 
    return 0; 
}

ret2libc

ret2libc.c

/* Compile: gcc -fno-stack-protector ret2libc.c -o ret2libc  */
/* Disable ASLR: echo 0 > /proc/sys/kerne/randomize_va_space */

#include <stdio.h>
#include <unistd.h>

int vuln() {
    char buf[80];
    int r;
    r = read(0, buf, 400);
    printf("\nRead %d bytes. buf is %s\n", r, buf);
    puts("No shell for you :(");
    return 0;
}

int main(int argc, char *argv[]) {
    printf("Try to exec /bin/sh");
    vuln();
    return 0;
}